Grafana + Graylog

(Ayoub) #1

Hello everyone,
Is it possible to integrate my Graylog with Grafana? My goal is to enrich my Graylog project and have “log analysis”. Would you advise me to add Grafana to Graylog?

Thanks

#2
1 Like
(Ayoub) #3

Thanks a lot @Karlis. For the installation of Grafana with Graylog on the same VM (OS: CentOS 7), I will follow this link:

https://www.tecmint.com/install-glances-influxdb-grafana-to-monitor-centos-7/

(Ayoub) #4

I find that this link is better for the installation of Grafana

(Ayoub) #6

Hi @Karlis, please, I followed every step in the Graylog Marketplace link, but I couldn’t get the Graylog integration with Grafana working (OS: CentOS 7):
https://marketplace.graylog.org/addons/962af1ae-dee3-400a-9207-7af2188fca49

Please help

#7

Are you using Telegraf?

1 Like
(Ayoub) #8

No :slightly_frowning_face: I just installed … InfluxDB, Telegraf, Grafana… I have not configured
… I don’t know a lot about Telegraf… I collect logs with Graylog and I want to make log dashboards with Grafana … please help

#9

In the second paragraph: “This dashboard uses Graylog plugin from Telegraf.”

1 Like
(Ayoub) #10

@Karlis yes, I configured this file in /etc/telegraf/telegraf.d/graylog.conf, but I want to know how the integration is done after that

(Zero) #11

If I understood correctly, you want to use Grafana for visualizations of data processed by Graylog.
If you set up Graylog, you should remember Elasticsearch. Basically, Graylog stores all processed data in Elasticsearch, and Grafana has an Elasticsearch “Data Source”.

So,

  • open up your Grafana, add an Elasticsearch source

  • point its address to the Elasticsearch node/cluster which Graylog is using (for example http://127.0.0.1:9200 )

  • set up Auth to your needs; I’m using basic auth so I have to set up those credentials, but I’m not using TLS (not X-Pack elastic) so I’m skipping TLS Verification

  • set the index pattern to * if you want to use EVERYTHING you have stored inside your Graylog / Elasticsearch stack, but beware, you will be querying everything, so it’s better to actually create one data source per index set; do what you prefer

  • set “Time field name” to “timestamp” (not @timestamp)

And that’s it. You can create a dashboard and use the elasticsearch datasource you just added.

1 Like
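
An added example (not part of the post above, and not Graylog or Grafana code): a Python preflight for the index pattern and time field choices in those steps, showing what a `*` pattern lets the data source query. The index list and mapping are constructed samples shaped like `GET /_cat/indices` and `GET /graylog_0/_mapping` replies; the function names, the `graylog_` prefix and the `firewall_0` index are assumptions.

```python
import re

# Constructed sample: index names as `GET /_cat/indices?h=index` could list them.
# "graylog_" is assumed to be the Graylog index set prefix; "firewall_0" is hypothetical.
SAMPLE_INDICES = ["graylog_0", "graylog_1", "firewall_0", ".kibana"]

# Constructed sample: trimmed `GET /graylog_0/_mapping` reply in the ES 6 shape,
# where properties sit under a mapping type name ("message" here).
SAMPLE_MAPPING = {"graylog_0": {"mappings": {"message": {"properties": {
    "timestamp": {"type": "date"},
    "source": {"type": "keyword"},
    "message": {"type": "text"},
}}}}}


def matched_indices(pattern, indices):
    """Indices a data source with this index pattern would be able to query."""
    rx = re.compile(".*".join(re.escape(p) for p in pattern.split("*")))
    return sorted(i for i in indices if rx.fullmatch(i))


def field_types(mapping, field):
    """Map index -> type of `field`, for typed (ES <= 6) and typeless (ES 7) mappings."""
    found = {}
    for index, body in mapping.items():
        m = body.get("mappings", {})
        levels = [m] if "properties" in m else [v for v in m.values() if isinstance(v, dict)]
        for level in levels:
            prop = level.get("properties", {}).get(field)
            if prop:
                found[index] = prop.get("type")
    return found


def preflight(pattern, time_field, prefix, indices, mapping):
    """Return a list of problems with the proposed data source settings."""
    problems = []
    hits = matched_indices(pattern, indices)
    if not hits:
        problems.append(f"index pattern {pattern!r} matches nothing")
    outside = [i for i in hits if not i.startswith(prefix)]
    if outside:
        problems.append(f"index pattern {pattern!r} also exposes {outside}")
    types = field_types(mapping, time_field)
    if set(types.values()) != {"date"}:
        problems.append(f"time field {time_field!r} is not a date field: {types}")
    return problems
```
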
(Ayoub) #12

Hello @Zerobot, thank you very much for your answer. You understand my situation, thanks a lot. I want to see Graylog logs as dashboards under Grafana, please help

(Zero) #13

Yeah, that’s almost it!
Tick “Skip TLS Verify” and change “Time field name” from @timestamp to just timestamp - just delete that @ in front of it. Also, which version of Elasticsearch are you using? Pick the Version according to it.

1 Like
(Ayoub) #14

Please, that’s my Elasticsearch version, 5.6.0??

(Ayoub) #15

(Zero) #16

Change “Version” to “6.0+”, you have elastic ver. 6.7.2. Also, if you have installed Grafana on the same machine as Elasticsearch - change URL to http://localhost:9200.

Also, it is a good idea to just check the URL you typed in your browser; Elasticsearch should answer to it. This way you can check if you are using the right IP/DNS. My bet is you should just change the URL to http://localhost:9200 because you are clearly using curl on localhost:9200 and you wrote before about installing Grafana on the same VM too…

1 Like
(Ayoub) #17

Okay @Zerobot, Graylog + Grafana are on the same machine and the same IP address, Graylog on port 9000 and Grafana on 3000. My URL is http://10.x.x.x

(Ayoub) #18

(Zero) #19

Great! Now you can create a dashboard and use this elasticsearch Data Source which has all data stored in graylog indexes. From this point you have to read Grafana docs and watch tutorials about creating visualizations in Grafana :slight_smile:

1 Like
(Ayoub) #20

Thank you so much @Zerobot. In my project I collect the logs of a Palo Alto firewall and a Cisco switch, and I want to see their dashboards :sob: The graph that is displayed tells me nothing!!